Disable User Enumeration is a plugin designed to prevent hackers scanning your site for user names using REST API call.
Author: | Vasim Shaikh (profile at wordpress.org) |
WordPress version required: | 4.7 |
WordPress version tested: | 5.5.5 |
Plugin version: | 1.0.0 |
Added to WordPress repository: | 16-12-2020 |
Last updated: | 16-12-2020
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
|
Rating, %: | 0 |
Rated by: | 0 |
Plugin URI: | |
Total downloads: | 706 |
Active installs: | 50+ |
Click to start download |
User enumeration can be use for brute-force techniques to either guess or confirm valid users in a system. User enumeration is often a web application vulnerability, though it can also be found in any system that requires user authentication.
An enumeration attack allows a hacker to check whether a name exists in the database. For example, to set up a brute-force attack, rather than searching through login and password pairs, all they need is a matching password for a verified user name, saving time and effort.
The phrase “username harvesting” refers to a vulnerability that when exploited allows people or programs interacting with an application to determine what a valid username is vs an invalid username.
**You can check your site have user enumeration by simply type https://selectedfirms.co/wp-json/wp/v2/users that’s it. **
Features:
- We only disable for non logged in users.
- You can deactivate with single click. No extra configuration required.
- Something else about the plugin
Screenshots
FAQ
ChangeLog